
How to send secrets to me

If you need to send me an API key, AWS IAM credentials, username/password combination, or other data that you want to ensure remains secure, you can encrypt it for me, and only me, using public key cryptography. This is more secure than using a password.

To do this, you will need to install gpg.

You can do this using your system’s package manager (e.g. brew install gnupg, apt-get install gnupg, yum install gnupg, apk add gnupg). If you’re using Windows, you can download a “binary release” from here: [0]

Once it’s installed, you’ll need to import my public key into your system to encrypt data for me. First, you’ll need my public key.

You can download it from two locations:

For convenience, here’s the shell command:

curl https://adrianhesketh.com/a-h.gpg -o a-h.gpg

To ensure you’ve got the right one, check the SHA256 hash:

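# Unix
shasum -a 256 a-h.gpg
# Windows PowerShell (SHA256 is also the default algorithm)
Get-FileHash -Path a-h.gpg -Algorithm SHA256

You should see the following hash (shasum prints the filename after it, and PowerShell shows it in uppercase):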

23cfce59f4bac6aec22bd12c02a48d3d4ad4768ab66ece089c19219604711a99

Next, import my public key into your GPG setup.

gpg --import a-h.gpg

You should see an import complete message. You’re now able to encrypt data for me. Let’s say that you want to encrypt ‘credentials.csv’.

gpg --encrypt --recipient adrianhesketh@hushmail.com credentials.csv

You’ll be prompted to make sure that you’ve downloaded the right key and that you’ve checked the hashes. If you’re sure, enter Y to encrypt.

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

The encrypted data will now be at <filename>.gpg, e.g. credentials.csv.gpg. You can then send me the .gpg file safely via email, Slack or another communication mechanism - just be careful to send the file that ends with .gpg, not the unencrypted data.
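The steps above combined into one script, so that the key is only imported when its SHA256 hash matches. This is an added example, not part of the original page; the function names are illustrative, and the URL, hash and recipient are the ones given above.

```shell
#!/bin/sh
# Values below are the ones published on this page.
KEY_URL="https://adrianhesketh.com/a-h.gpg"
KEY_SHA256="23cfce59f4bac6aec22bd12c02a48d3d4ad4768ab66ece089c19219604711a99"
RECIPIENT="adrianhesketh@hushmail.com"

# Print the lowercase SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# Return 0 only if the file's hash equals the expected one (case-insensitive).
# An unreadable file yields an empty hash and therefore fails the check.
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Download the key, verify it, import it, then encrypt each named file.
# gpg will still show its "NOT certain" prompt for the freshly imported key.
encrypt_for_recipient() {
    keyfile=$(mktemp) || return 1
    if ! curl --fail --silent --show-error "$KEY_URL" -o "$keyfile" ||
       ! verify_sha256 "$keyfile" "$KEY_SHA256"; then
        echo "download failed or hash mismatch; key NOT imported" >&2
        rm -f "$keyfile"
        return 1
    fi
    gpg --import "$keyfile"
    rc=$?
    rm -f "$keyfile"
    [ "$rc" -eq 0 ] || return 1
    for f in "$@"; do
        gpg --encrypt --recipient "$RECIPIENT" "$f" || return 1
        echo "send this file, not the original: $f.gpg"
    done
}

# Run only when files are given, e.g.: sh encrypt-for-me.sh credentials.csv
if [ "$#" -gt 0 ]; then
    encrypt_for_recipient "$@"
fi
```

The script name in the last comment is a placeholder; save the block under any name you like.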